Some 1,500 applications for the iPhone and iPad contain a vulnerability that could allow an attacker positioned between a user and the Internet to intercept and decrypt encrypted SSL traffic from the app. The flaw is in the AFNetworking library that these applications use, and it causes SSL certificates not to be checked properly.
AFNetworking is a popular library among app developers that adds networking capabilities to an app. The vulnerability was patched on March 26 this year, but research from SourceDNA shows that 1,500 apps still use a vulnerable version of the library. Researchers from Minded Security warned about the problem in late March and say that during a test they were able to intercept all SSL traffic from vulnerable apps through a proxy such as Burp Suite.
According to SourceDNA the problem has by now been patched, but app developers know little about the problem and continue to ship vulnerable updates to their apps. The company has put a website online that allows users to check whether vulnerable apps are installed on their phone.